{"vulnerability": "CVE-2022-3413", "sightings": [{"uuid": "9d8191ee-468f-4e92-a083-250f36ed6304", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34138", "type": "seen", "source": "https://t.me/cibsecurity/57463", "content": "\u203c CVE-2022-34138 \u203c\n\nInsecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-02-03T18:20:59.000000Z"}, {"uuid": "88f96c40-a3f4-4279-b57e-1cb8a0d01e7b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3413", "type": "published-proof-of-concept", "source": "https://t.me/DarkWebInformer_CVEAlerts/14325", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2022-3413\n\ud83d\udd25 CVSS Score: 4.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.\n\ud83d\udccf Published: 2022-11-09T00:00:00.000Z\n\ud83d\udccf Modified: 2025-05-01T15:53:13.899Z\n\ud83d\udd17 References:\n1. https://gitlab.com/gitlab-org/gitlab/-/issues/374926\n2. https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3413.json", "creation_timestamp": "2025-05-01T16:14:38.000000Z"}, {"uuid": "7dd12648-0efd-47c3-bf34-b2fff3a4937c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-3413", "type": "seen", "source": "https://t.me/cibsecurity/52803", "content": "\u203c CVE-2022-3413 \u203c\n\nIncorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events. These should have been restricted to Project Maintainers, Group Owners, and above.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-11-10T02:46:58.000000Z"}, {"uuid": "a46f97cb-5434-4d1f-a588-b577cbf995d0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34132", "type": "seen", "source": "https://t.me/cibsecurity/45271", "content": "\u203c CVE-2022-34132 \u203c\n\nBenjamin BALET Jorani v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at application/controllers/Leaves.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T07:35:32.000000Z"}, {"uuid": "1c06578b-3cd2-4e8d-97f7-55c5296825d6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34134", "type": "seen", "source": "https://t.me/cibsecurity/45270", "content": "\u203c CVE-2022-34134 \u203c\n\nBenjamin BALET Jorani v1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /application/controllers/Users.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T07:35:31.000000Z"}, {"uuid": "3eec4e68-0fc5-47e8-94ec-b705fecc0692", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-34133", "type": "seen", "source": "https://t.me/cibsecurity/45268", "content": "\u203c CVE-2022-34133 \u203c\n\nBenjamin BALET Jorani v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Comment parameter at application/controllers/Leaves.php.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-06-28T07:35:29.000000Z"}]}